Topic: Hardware crypto on wl-500g deluxe and on wgt634u

Hello

I'm trying to use the hardware crypto capabilities of these two routers. I've installed xwrt 809rc2, all kmod-crypto packages, kmod-ocf-ubsec-ssb and crypto-tools on the wgt634u, and after running "cryptotest -z 1024", I'm afraid that computation is done by the CPU (as many people said it doesn't work).

On the wl-500gd now, I've installed the xwrt openvpn package (809rc2) with all the kmod-crypto packages except kmod-crypto-test (I don't have enough space), kmod-ocf-ubsec-ssb and crypto-tools, but when I run cryptotest, it just tests the null crypts and it freezes (no des, 3des .....)

Here are my questions:
- Has someone managed to make a vpn box with wl-500gd (with hardware crypto of course)?
- Does someone have an idea about the cryptotest freeze on the wl-500gd?
- Will the hardware acceleration work on the wgt634u in the future (is this a problem of drivers or of hardware)?

Re: Hardware crypto on wl-500g deluxe and on wgt634u

Just keep in mind, setting up transactions with a crypto engine is in general expensive. You get an appreciable gain with big transfers only. For average vpn traffic it's probably not worth

Due to the benchmarks in http://www.danm.de/files/src/bcm5365p/bench/ hw crypto increased the speed of scp'ing a file of 10 MByte by a factor of ~2. This seems to be measured on an Asus WL-500gP with a CPU @ 266 MHz. The WGT634U's CPU runs @ 200 MHz only.

Re: Hardware crypto on wl-500g deluxe and on wgt634u

It seems like AES is currently broken on the WGT-634U, i.e. the results are wrong. Could someone please run cryptotest -c -a aes on an Asus WL-500gP v1 or any other hardware with a BCM94704 and running the current svn trunk software?

Re: Hardware crypto on wl-500g deluxe and on wgt634u

Due to the benchmarks in http://www.danm.de/files/src/bcm5365p/bench/ hw crypto increased the speed of scp'ing a file of 10 MByte by a factor of ~2.

That's the proof of what I said. I would expect a (much) higher factor. If you try with a bigger file, factor should be even better. But such big transfers are not the common case in vpn.

I don't think that bigger files would lead to better results here, as I assume openssh feeds cryptodev with a buffer of constant size and AFAIR the upper limit of the size is 64K-1 (saw some define in the ubsec_ssb sources).

We shouldn't focus on speed improvements in the idle case only, but also look at CPU utilization, where I would assume 100% for the software case and something considerably less with the crypto hw. Which translates into a higher factor under real-world conditions where the CPU is needed for other tasks, too.

Re: Hardware crypto on wl-500g deluxe and on wgt634u

jal2 wrote:

We shouldn't focus on speed improvements in the idle case only, but also look at CPU utilization, where I would assume 100% for the software case and something considerably less with the crypto hw. Which translates into a higher factor under real-world conditions where the CPU is needed for other tasks, too.

Re: Hardware crypto on wl-500g deluxe and on wgt634u

jal2 wrote:

It seems like AES is currently broken on the WGT-634U, i.e. the results are wrong.

It seems like the 3DES results from the hardware are also wrong, it calculates a simple DES only. cryptotest -c -a 3des cannot detect this, because its check is to decrypt the encrypted data and compare the result with the original plaintext.

The export control pin mentioned here is really enabled. No hope for 3DES or AES in hardware unless someone finds a trace on the PCB where a pull-down resistor is missing.
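The testing gap described in the last post, as an added example that is not part of the original thread and is not cryptotest's code: an engine that silently runs a single pass instead of the triple encrypt-decrypt-encrypt still passes a decrypt-and-compare check, and only a comparison against an independently computed ciphertext exposes it. Assumptions: a toy Feistel cipher stands in for DES, and all function names, keys and the plaintext are constructed for illustration.

```python
import hashlib

def _f(half, key, rnd):
    # Round function of a toy Feistel cipher (stand-in for DES, NOT real DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key, block):
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(r, key, rnd))
    return l + r

def toy_decrypt(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(l, key, rnd)), l
    return l + r

# Reference engine: encrypt-decrypt-encrypt with three keys, as 3DES does.
def ref_encrypt(keys, block):
    return toy_encrypt(keys[2], toy_decrypt(keys[1], toy_encrypt(keys[0], block)))

def ref_decrypt(keys, block):
    return toy_decrypt(keys[0], toy_encrypt(keys[1], toy_decrypt(keys[2], block)))

# Faulty engine: silently performs a single pass with the first key only.
def bad_encrypt(keys, block):
    return toy_encrypt(keys[0], block)

def bad_decrypt(keys, block):
    return toy_decrypt(keys[0], block)

def roundtrip_check(enc, dec, keys, pt):
    # Self-consistency only: decrypt(encrypt(pt)) == pt.
    return dec(keys, enc(keys, pt)) == pt

def known_answer_check(enc, keys, pt, expected_ct):
    # Compares against a ciphertext produced by an independent implementation.
    return enc(keys, pt) == expected_ct

KEYS = (b"key-one!", b"key-two!", b"key-3!!!")  # constructed sample keys
PT = b"8bytes!!"                                 # constructed 8-byte block
EXPECTED = ref_encrypt(KEYS, PT)                 # software reference result

if __name__ == "__main__":
    for name, enc, dec in (("reference", ref_encrypt, ref_decrypt),
                           ("faulty", bad_encrypt, bad_decrypt)):
        print(name, "roundtrip:", roundtrip_check(enc, dec, KEYS, PT),
              "known-answer:", known_answer_check(enc, KEYS, PT, EXPECTED))
```

With a real cipher the expected ciphertext would come from a published test vector or a trusted software implementation rather than from the toy reference used here.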